CVE-2025-5180 Wondershare Filmora Installer NFWCHK.exe uncontrolled search path

A vulnerability, which was classified as critical, has been found in Wondershare Filmora 14.5.16. Affected by this issue is some unknown functionality in the library CRYPTBASE.dll of the file NFWCHK.exe of the component Installer. The manipulation leads to uncontrolled search path. Attacking...

CVE-2025-5180

CVE-2025-5180 affects Wondershare Filmora 14.5.16. The issue is in the Installer component, specifically the NFWCHK.exe’s interaction with the CRYPTBASE.dll library, which enables an uncontrolled search path. This allows a local attacker to exploit the vulnerability, with attack complexity descri...

GHSA-QPXX-2CWH-R5VH pypickle Incorrect Privilege Assignment vulnerability

A vulnerability was found in erdogant pypickle up to 1.1.5. It has been classified as critical. This affects the function Save of the file pypickle/pypickle.py. The manipulation leads to improper authorization. Attacking locally is a requirement. The exploit has been disclosed to the public and m...

HumanSignal label-studio-ml-backend Deserialization of Untrusted Data vulnerability

A vulnerability has been found in HumanSignal label-studio-ml-backend up to 9fb7f4aa186612806af2becfb621f6ed8d9fdbaf and classified as problematic. Affected by this vulnerability is the function load of the file label-studio-ml-backend/labelstudioml/examples/yolo/utils/neuralnets.py of the...

CVE-2025-5175

A vulnerability was found in erdogant pypickle up to 1.1.5. It has been classified as critical. This affects the function Save of the file pypickle/pypickle.py. The manipulation leads to improper authorization. Attacking locally is a requirement. The exploit has been disclosed to the public and m...

CVE-2025-5173 HumanSignal label-studio-ml-backend PT File neural_nets.py load deserialization

A vulnerability has been found in HumanSignal label-studio-ml-backend up to 9fb7f4aa186612806af2becfb621f6ed8d9fdbaf and classified as problematic. Affected by this vulnerability is the function load of the file label-studio-ml-backend/labelstudioml/examples/yolo/utils/neuralnets.py of the...

CVE-2025-5173

CVE-2025-5173 affects HumanSignal label-studio-ml-backend, specifically the PT File Handler's neural_nets.py load function. The vulnerability arises from manipulation of the path argument, leading to deserialization. This is described as a local attack with the affected release up to 9fb7f4aa1866...

PYSEC-2025-175

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been rated as problematic. Affected by this issue is the function MDLImporter::ImportUVCoordinate3DGSMDL345 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation of the argument iIndex leads to out-of-bound...

CVE-2025-5168

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been rated as problematic. Affected by this issue is the function MDLImporter::ImportUVCoordinate3DGSMDL345 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation of the argument iIndex leads to out-of-bound...

CVE-2025-5168

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been rated as problematic. Affected by this issue is the function MDLImporter::ImportUVCoordinate3DGSMDL345 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation of the argument iIndex leads to out-of-bound...

CVE-2025-5166

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as problematic. Affected is the function MDCImporter::InternReadFile of the file assimp/code/AssetLib/MDC/MDCLoader.cpp of the component MDC File Parser. The manipulation of the argument pcVerts leads to...

CVE-2025-5168

CVE-2025-5168 affects Open Asset Import Library Assimp 5.4.3. The vulnerable component is the function MDLImporter::ImportUVCoordinate_3DGS_MDL345 in the file assimp/code/AssetLib/MDL/MDLLoader.cpp , where manipulation of the argument iIndex leads to an out-of-bounds read. A local attack is requi...

CVE-2025-5168 Open Asset Import Library Assimp MDLLoader.cpp ImportUVCoordinate_3DGS_MDL345 out-of-bounds

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been rated as problematic. Affected by this issue is the function MDLImporter::ImportUVCoordinate3DGSMDL345 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation of the argument iIndex leads to out-of-bound...

CVE-2025-5168 Open Asset Import Library Assimp MDLLoader.cpp ImportUVCoordinate_3DGS_MDL345 out-of-bounds

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been rated as problematic. Affected by this issue is the function MDLImporter::ImportUVCoordinate3DGSMDL345 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation of the argument iIndex leads to out-of-bound...

CVE-2025-5167

CVE-2025-5167 affects Open Asset Import Library Assimp, version 5.4.3. The vulnerability is in LWOImporter::GetS0 (LWOLoader.h), where manipulating the argument can cause an out-of-bounds read. Evidence indicates the issue requires local access, the exploit has been disclosed publicly, and resear...

CVE-2025-5165

A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDCImporter::ValidateSurfaceHeader of the file assimp/code/AssetLib/MDC/MDCLoader.cpp. The manipulation of the argument pcSurface2 leads to out-of-bounds read...

PYSEC-2025-172

A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDCImporter::ValidateSurfaceHeader of the file assimp/code/AssetLib/MDC/MDCLoader.cpp. The manipulation of the argument pcSurface2 leads to out-of-bounds read...

CVE-2025-5165 Open Asset Import Library Assimp MDCLoader.cpp ValidateSurfaceHeader out-of-bounds

A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDCImporter::ValidateSurfaceHeader of the file assimp/code/AssetLib/MDC/MDCLoader.cpp. The manipulation of the argument pcSurface2 leads to out-of-bounds read...

CVE-2025-5165

Summary (CVE-2025-5165): Open Asset Import Library Assimp 5.4.3 contains a vulnerability in MDCImporter::ValidateSurfaceHeader (MDCLoader.cpp) where manipulating argument pcSurface2 yields an out-of-bounds read. The issue requires local access to exploit and, per OSV updates, has been combined wi...

CVE-2025-5165 Open Asset Import Library Assimp MDCLoader.cpp ValidateSurfaceHeader out-of-bounds

A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDCImporter::ValidateSurfaceHeader of the file assimp/code/AssetLib/MDC/MDCLoader.cpp. The manipulation of the argument pcSurface2 leads to out-of-bounds read...